Dynamic optimization method of firewall rule set based on heap structure

A technology of dynamic optimization and heap structure, applied in the direction of electrical components, transmission systems, etc., can solve the problems of increasing the number of matching, reducing the hit efficiency of firewalls, etc., and achieve the effects of reducing the number of hits, changing efficiently and reliably, and adjusting algorithms efficiently

Inactive Publication Date: 2019-01-04
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

W is the evaluation standard for firewall performance. For rules with low priority, the number of matches will undoubtedly increase in the firewall matching, thereby reducing the hit efficiency of the firewall.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Dynamic optimization method of firewall rule set based on heap structure
  • Dynamic optimization method of firewall rule set based on heap structure
  • Dynamic optimization method of firewall rule set based on heap structure

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0057] The present invention will be further described below in conjunction with the accompanying drawings. The following examples are only used to illustrate the technical solution of the present invention more clearly, but not to limit the protection scope of the present invention.

[0058] In the following, the dynamic optimization algorithm of firewall rule set based on statistical analysis and the dynamic optimization algorithm of firewall rule set based on heap structure are described through simulation experiments, and the relevant data are compared and analyzed.

[0059] (1) Experimental environment

[0060] The simulation experiment is carried out under the CentOS 6.3 operating system. The kernel version of the CentOS 6.3 operating system is Linux-2.6.32-279.19.1.el6.i686, the memory size is 512MB, and the compiler gcc version is gcc-4.4.4 .

[0061] The simulation tool is written in C language under Linux, and its main function is to realize the packet matching fun...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a dynamic optimization method of a firewall rule set based on the heap structure. The method is characterized by comprising SS1: constructing a construction model of a heap structure, the construction model of the heap structure comprising a minimum heap and a single linked list; SS2: proposing a dynamic adjustment algorithm for heap structure, wherein the dynamic adjustment algorithm comprises a minimum heap adjustment algorithm and a heap structure adjustment algorithm. Compared with the existing statistical analysis method, the invention proposes a firewall rule setdynamic optimization algorithm based on a heap structure, and through the analysis of the related characteristics of network data packets, three formulas for priority calculation are put forward, which are used for realizing the fast calculation of rule priority. At the same time, according to three formulas, an efficient adjustment algorithm is proposed, which can make the firewall rule set change efficiently and reliably, and reduce the hit times of firewall rule set.

Description

technical field [0001] The invention relates to a dynamic optimization method of a firewall rule set based on a heap structure, and belongs to the technical field of firewall rule set optimization. Background technique [0002] When the firewall rules are added to the rule set, the matching order of the rules has been determined. In the subsequent rule matching, unless manually modified, the matching order is fixed. This design mode of the firewall greatly affects its operating efficiency when the rules are matched. [0003] The matching order of the original firewall rule set is from top to bottom. In the research of this chapter, we dynamically adjust the order of the rules in the firewall rule set so that the rules with higher priority are at the upper end of the rule set. [0004] Statistical analysis algorithm is a commonly used method in the dynamic research of firewall rule set. In the relevant literature, the application of statistical analysis in firewall rule opt...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/0263
Inventor 摆亮张震柳林倪江帆张程风刘海波黄忠伟
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap